Received: by 2002:a05:6358:5282:b0:b5:90e7:25cb with SMTP id g2csp3396481rwa;
        Tue, 23 Aug 2022 04:12:34 -0700 (PDT)
X-Google-Smtp-Source: AA6agR4xV9ZBy22yHBCG7xinPexUP2LUZ2zBF+wLekDI3b92WLG7Pp7SkbpEioTmEfUObH749eD1
X-Received: by 2002:a17:902:b086:b0:171:2632:cd3b with SMTP id p6-20020a170902b08600b001712632cd3bmr25020472plr.111.1661253154379;
        Tue, 23 Aug 2022 04:12:34 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1661253154; cv=none;
        d=google.com; s=arc-20160816;
        b=B+n1NdYNs5L+cxUpbxfWrlqM0GkyMVMLcFUWPY6wLuBJz2GzhYyJevLywMTigp1wx8
         RRfIQndQgK4WhGPU1VvYd/hyFn9UZhFXbx/PzwHwS1p6HTbhiAK8axFsxa3ydtidJ53Z
         xK4Mj0EzqESw2vDMhDtOWI1AT+p4DxAzUdECX2QhypytQoPETV3vfEVZ0kyt6VYKJD+n
         ELCbUNm3sCFPb6F56mH5M7+KjrdYuB0aE1ct2KOjkdngeb80EX59ghfCTu7LTfFny2Uq
         7t1C7ZEJI8Vd+YiEdCFP/gv+mLnzN6qXOtiu8EqWkoQW1IoeY3D2gLoo+e0eZICrLY2b
         Tvyw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=Mr/aOUgokDnNomttxF7eBaQWIBUanuYcjR66slAiHzs=;
        b=lKgP1hM3SBt/Y5bgCIL1TnUc32wDD7Sb2mGQQ7+YAMCUnr8Ek6EpMUmqjMcUmxhzm1
         C5G5XG4ZNsxjDxBK7Mvtp4a9fiXqA5T4WNYSd9nTqw72nd56DY9BESpSI9r32dEeOm8r
         FUY1Y87Po3ZvWp7cs863WV42XrWf5IKyKfpCToIv19/FBh6kXkQzxGyg2L5oKoguz8NF
         nbkOUXR947SghPPgO7TWmvnKbfBRhWPMudsaz9cUOG8ZfdPi0y21RbSOQPraVcYuCk6+
         XgCa4Gntyqi8TL6UJ4QYeD0utFewavofwGRXf1FzDALS/TMmCl/Bo9spoKdv/DEX+f3B
         fMFw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=AyucyXNB;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id o16-20020a170902d4d000b00170a752cae8si13169348plg.115.2022.08.23.04.12.23;
        Tue, 23 Aug 2022 04:12:34 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=AyucyXNB;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1354510AbiHWKaG (ORCPT <rfc822;andreqb@gmail.com> + 99 others);
        Tue, 23 Aug 2022 06:30:06 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52570 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1353486AbiHWKNh (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 23 Aug 2022 06:13:37 -0400
Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A04B77333E;
        Tue, 23 Aug 2022 01:59:42 -0700 (PDT)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by ams.source.kernel.org (Postfix) with ESMTPS id D854CB81C28;
        Tue, 23 Aug 2022 08:59:40 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1E0F3C433D6;
        Tue, 23 Aug 2022 08:59:38 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org;
        s=korg; t=1661245179;
        bh=dlKpSa3x4yoY73lQP0rU57gjhQ+MYqOS71te7t6vVts=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=AyucyXNB0BOrhkw7Dt3Mre8pO6j7vxAvXXK8MOEcntdYfiXZjAT7ZWpvrO6f1G15d
         YLfQJgKH5pNlN0yOBzaIENQ6lCtiOgSPAmBnsC0yTe7A8vSla/1mSuk1dVn3lpUeQC
         q4eNgje2Ch8qc9gkCEnt63eLmGh9jFkVpZ2+GbiM=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        "Darrick J. Wong" <djwong@kernel.org>,
        Dave Chinner <dchinner@redhat.com>,
        Leah Rumancik <leah.rumancik@gmail.com>
Subject: [PATCH 5.15 241/244] xfs: fix overfilling of reserve pool
Date:   Tue, 23 Aug 2022 10:26:40 +0200
Message-Id: <20220823080107.670496251@linuxfoundation.org>
X-Mailer: git-send-email 2.37.2
In-Reply-To: <20220823080059.091088642@linuxfoundation.org>
References: <20220823080059.091088642@linuxfoundation.org>
User-Agent: quilt/0.67
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI,
        SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: "Darrick J. Wong" <djwong@kernel.org>

[ Upstream commit 82be38bcf8a2e056b4c99ce79a3827fa743df6ec ]

Due to cycling of m_sb_lock, it's possible for multiple callers of
xfs_reserve_blocks to race at changing the pool size, subtracting blocks
from fdblocks, and actually putting it in the pool.  The result of all
this is that we can overfill the reserve pool to hilarious levels.

xfs_mod_fdblocks, when called with a positive value, already knows how
to take freed blocks and either fill the reserve until it's full, or put
them in fdblocks.  Use that instead of setting m_resblks_avail directly.

Signed-off-by: Darrick J. Wong <djwong@kernel.org>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Signed-off-by: Leah Rumancik <leah.rumancik@gmail.com>
Acked-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/xfs/xfs_fsops.c |   13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

--- a/fs/xfs/xfs_fsops.c
+++ b/fs/xfs/xfs_fsops.c
@@ -448,18 +448,17 @@ xfs_reserve_blocks(
 		 * count or we'll get an ENOSPC.  Don't set the reserved flag
 		 * here - we don't want to reserve the extra reserve blocks
 		 * from the reserve.
+		 *
+		 * The desired reserve size can change after we drop the lock.
+		 * Use mod_fdblocks to put the space into the reserve or into
+		 * fdblocks as appropriate.
 		 */
 		fdblks_delta = min(free, delta);
 		spin_unlock(&mp->m_sb_lock);
 		error = xfs_mod_fdblocks(mp, -fdblks_delta, 0);
-		spin_lock(&mp->m_sb_lock);
-
-		/*
-		 * Update the reserve counters if blocks have been successfully
-		 * allocated.
-		 */
 		if (!error)
-			mp->m_resblks_avail += fdblks_delta;
+			xfs_mod_fdblocks(mp, fdblks_delta, 0);
+		spin_lock(&mp->m_sb_lock);
 	}
 out:
 	if (outval) {